[ Julia sent a message about this in Jan, but that was like a million
years ago so I'm resending. -dan ]
Hello David Howells,
The patch 018584697533: "netfs: Add a function to extract an iterator
into a scatterlist" from Oct 27, 2022, leads to the following Smatch
static checker warning:
fs/netfs/iterator.c:137 netfs_extract_user_to_sg() warn: count down condition reversed? 'npages < 0'
fs/netfs/iterator.c:137 netfs_extract_user_to_sg() warn: unsigned 'npages' is never less than zero.
fs/netfs/iterator.c
109 static ssize_t netfs_extract_user_to_sg(struct iov_iter *iter,
110 ssize_t maxsize,
111 struct sg_table *sgtable,
112 unsigned int sg_max,
113 iov_iter_extraction_t extraction_flags)
114 {
115 struct scatterlist *sg = sgtable->sgl + sgtable->nents;
116 struct page **pages;
117 unsigned int npages;
118 ssize_t ret = 0, res;
119 size_t len, off;
120
121 /* We decant the page list into the tail of the scatterlist */
122 pages = (void *)sgtable->sgl + array_size(sg_max, sizeof(struct scatterlist));
123 pages -= sg_max;
124
125 do {
126 res = iov_iter_extract_pages(iter, &pages, maxsize, sg_max,
127 extraction_flags, &off);
128 if (res < 0)
129 goto failed;
130
131 len = res;
132 maxsize -= len;
133 ret += len;
134 npages = DIV_ROUND_UP(off + len, PAGE_SIZE);
135 sg_max -= npages;
136
--> 137 for (; npages < 0; npages--) {
^^^^^^^^^^
This was supposed to be npages >= 0 or > 0 probably. Also signedness
bug.
138 struct page *page = *pages;
139 size_t seg = min_t(size_t, PAGE_SIZE - off, len);
140
141 *pages++ = NULL;
142 sg_set_page(sg, page, len, off);
143 sgtable->nents++;
144 sg++;
145 len -= seg;
146 off = 0;
147 }
148 } while (maxsize > 0 && sg_max > 0);
149
150 return ret;
151
152 failed:
153 while (sgtable->nents > sgtable->orig_nents)
154 put_page(sg_page(&sgtable->sgl[--sgtable->nents]));
155 return res;
156 }
regards,
dan carpenter
